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IN THE CLAIMS 

Please amend the claims as follows. 

1 . (Currently Amended) A method, comprising: 

storing, by a client, at least one first certificate from an authorizer; 

storing, by the client, a universal resource identifier (URI) associated with both the at 
least one first certificate and a third party; 

providing, by the client to the third party, at least one second certificate and the universal 
resource identifier (URI) , wh e r e in th e at l e ast on e s e cond c e rtificat e id e ntifi e s th e third party ; 
and 

providing, by the client to the authorizer, the at least one first certificate, upon the 
authorizer accessing the universal resource identifier (URI); 

wherein the client retains control over the third party's use of the at least one first 
certificate. 

2. (Original) The method as recited in claim 1 , further comprising: 

providing, by the client to the third party, a third certificate with a short-term usage, upon 
demand by the authorizer. 

3. (Original) The method as recited in claim 2, wherein the third certificate is a one-time use 
certificate. 

4. (Original) The method as recited in claim 1, fiirther comprising: 

authenticating, by the client, the authorizer, upon the authorizer accessing the universal 
resource identifier (URI). 

5. (Previously Presented) The method as recited in claim 1, fiirther comprising: 

limiting, by the client, the third party's use of the at least one first certificate. 
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6. (Previously Presented) The method as recited in claim 1, fiirther comprising: 

tracking, by the client, the third party's use of the at least one first certificate. 

7. (Previously Presented) The method as recited in claim 1, wherein the contents of the at 
least one first certificate are not revealed to the third party. 

8. (Currently Amended) The method as recited in claim 1, fiirther comprising: 

revoking, by the client, the third party's ability to use the at least one first certificate, 
upon the authorizer accessing the universal resource identifier (URI), wherein the revoking is 
performed by the client not providing the at least one first certificate. 

9. (Currently Amended) A machine-accessible medium, with instructions thereon, which 
when processed by a machine direct [[a]] the machine to perform a method comprising: 

receiving, by a client, a first certificate fi-om an authorizer; 

generating, by the client, a universal resource identifier (URI) associated with both the 
first certificate and a third party; 

providing, by the client to the third party, a second certificate and the universal resource 

identifier (URI); and 

providing, by the client to the authorizer, the first certificate, upon the authorizer 
accessing the universal resource identifier (URI), upon the third party providing the second 
certificate and universal resource identifier (URI) to the authorizer. 

10. (Original) The machine-accessible medium recited in claim 9, wherein the third party 
provides the second certificate and universal resource identifier (URI) to the authorizer in an 
extensible Markup language (XML) signature. 



1 1 . (Original) The machine-accessible medium recited in claim 10, wherein the first and second 
certificates are Simple Public Key Infrastructure (SPO) certificates. 
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12. (Currently Amended) The machine-accessible medium recited in claim 9, further 
comprising: 

granting access to the third party, wherein the granting is performed by the authorize r and 
allows the third party to access a protected resource of the authorizer . 

13. (Original) The machine-accessible medium recited in claim 9, further comprising: 

tracking, by the client, at least one use of the second certificate. 

14. (Original) The machine-accessible medium recited in claim 9, fiirther comprising: 

revoking, by the client, the second certificate. 

15-17. (Canceled) 

18. (New) A method comprising: 

delivering a first certificate to a client; 

receiving a resource request and a second certificate from a third party, wherein the 
second certificate includes a universal resource identifier (URI) to access the first certificate of 

the client; and 

requesting the URI wherein a response to the request indicates whether the third party 
resource request is to be granted. 

1 9. (New) The method of claim 1 8, wherein the content of the first certificate are not 
revealed to the third party. 



20. (New) The method of claim 18, further comprising: 
fiilfiUing the third party resource request. 



